Multi-Tenant Isolation
TagFinder is a multi-tenant SaaS platform. Every customer organization is fully isolated within the same infrastructure. Here is how it works.
How it works
Every row in the database carries an organization_id column. All API queries automatically filter by the authenticated user's organization. There is no way for one organization to read, modify, or even discover another organization's data.
Row-level security
PostgreSQL row-level security (RLS) policies enforce isolation at the database layer. Even if application code has a bug, the database itself rejects cross-organization queries. This is a defense-in-depth approach — the database acts as the final gatekeeper.
API isolation
Every API request is authenticated via OIDC tokens. The token contains the user's organization claim. The backend extracts this claim and scopes all queries to that organization. Admin APIs for managing organizations are only available to platform operators.
TagFinder does not use shared database schemas between customers. Each organization's data lives in the same tables but is cryptographically scoped by organization_id.
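The row-level security and claim-based scoping described above, as an added example that is not TagFinder's own schema or code. The table tags, the role app_backend, the setting app.current_org and the UUIDs are constructed for illustration.

```sql
-- Constructed schema: all names here are assumptions, not TagFinder's.
CREATE TABLE tags (
    id              bigserial PRIMARY KEY,
    organization_id uuid NOT NULL,
    name            text NOT NULL
);

-- Role the backend connects as. It must not be a superuser, must not have
-- BYPASSRLS, and should not own the table, or policies will not apply to it.
CREATE ROLE app_backend LOGIN NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON tags TO app_backend;
GRANT USAGE ON SEQUENCE tags_id_seq TO app_backend;

ALTER TABLE tags ENABLE ROW LEVEL SECURITY;
-- Without FORCE, the table owner is exempt from the policies below.
ALTER TABLE tags FORCE ROW LEVEL SECURITY;

-- USING limits which existing rows a statement can see or touch.
-- WITH CHECK rejects writes that would place a row in another organization.
-- current_setting(..., true) yields NULL when the setting was never set, and
-- NULLIF covers the empty string left behind after a transaction-local value
-- expires. A NULL comparison matches no rows, so the policy fails closed.
CREATE POLICY org_isolation ON tags
    USING (
        organization_id = NULLIF(current_setting('app.current_org', true), '')::uuid
    )
    WITH CHECK (
        organization_id = NULLIF(current_setting('app.current_org', true), '')::uuid
    );

-- Per-request pattern, run as app_backend.
BEGIN;
-- The backend takes this value from the organization claim of the verified
-- token. The third argument (is_local = true) limits it to this transaction,
-- so a pooled connection does not carry it into the next request.
SELECT set_config('app.current_org',
                  '11111111-1111-1111-1111-111111111111', true);

-- No WHERE clause on organization_id: the USING expression supplies the filter.
SELECT id, name FROM tags;

-- Row for a different organization: violates WITH CHECK, so PostgreSQL
-- raises a row-level security error and the statement is not applied.
INSERT INTO tags (organization_id, name)
VALUES ('22222222-2222-2222-2222-222222222222', 'cross-tenant');
ROLLBACK;
```

To review an existing deployment, check pg_class.relrowsecurity and pg_class.relforcerowsecurity for each tenant table, and pg_roles.rolbypassrls for the role the application connects as.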
